Detailed Action

1. This action is responsive to communication: amendment filed on
7 October 2004, the original application was filed on 8 January 2001.

2. Due to amendment claims 1-15 and 18-35 are currently pending in this 
application. Claims 1, 8, 13, 18, 23, 24, 29, 32, and 34 are independent claims. Claims 
16 and 17 have been canceled. Claims 18, 19, and 29 have been amended. The 
amendment to the claims is accepted. 

3. The amendment filed 7 October 2004 to the specification is objected to under 35 
U.S.C. 132 because it introduces new matter into the disclosure. 35 U.S.C. 132 states 
that no amendment shall introduce new matter into the disclosure of the invention. The 
added material which is not supported by the original disclosure is as follows: The new 
abstract is not supported by the original disclosure. It appears that an abstract related
to a different invention was placed into the application, because the original application
relates to a technology for managing credentials, whereas the new abstract is directed
towards a technology for inserting and detecting watermarks in signals, such as a music
clip. Furthermore, the modification to the text on page 15 seems to refer to a different
application, because the text on page 15 of the original application contains a formula and is
in the middle of the detailed description ... whereas the text to be added is usually placed
in a heading under "RELATED APPLICATION DATA", usually placed on the first page of
the specification. In addition, although the assignee is the same, "Microsoft Corporation",
the inventors are different and no reference was made in the original application to the
earlier application with a filing date of 22 May 1999; other than the assignee,
there is no relation between the two inventions.

Applicant is required to cancel the new matter in the reply to this Office Action. 

Response to Arguments 
4. Applicant's arguments filed on 7 October 2004 have been fully considered but 
they are not persuasive. 

In response to applicant's argument beginning on page 17, line 22, "the Applicant
submits that the Office has not identified with particularity, where each feature and
element of this claim is found in the cited passage of the reference ... each feature and
element of this claim," such as "High-Level Credential". The Office disagrees with the
argument; although the term "High-Level Credential" is used, this can have the same
meaning as "password" or user name. Likewise, as the reference indicates, smart rules
can be used to set further limits on the distribution of credentials.
Also in response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., X.509) are not recited in the rejected claim(s), until claim 3, which is not 
incorporated in the independent claim or the other dependent claims. Although the 
claims are interpreted in light of the specification, limitations from the specification are 
not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. 
Cir. 1993). Likewise, claim 3 (X.509 certificates) was rejected under 35 U.S.C. 103 with
the combination of references cited in the Office Action.

In response to applicant's argument beginning on page 20, "the Office has not
identified with particularity, where each feature and element of this claim is found in the
cited reference" such as "Marshalling". The Office disagrees; the term "marshaling" has
the same meaning as passing or transferring. The Office Action showed this in the cited
passage where the results are "transferred to the legacy application".

In response to applicants' arguments beginning on page 21, with respect to
independent claims 8 and 13, "While the Office's assertion (that this claim incorporates
substantially similar subject matter as claim 1) may or may not be true, Applicant
asserts that this independent claim is patentably different than claim 1; and therefore, it
deserves to be examined on its own". The Office does not agree; these claims are
substantially similar. If the applicant's argument is that they are patentably different,
please indicate how the claims are different.

In response to applicants' arguments beginning on page 20, with respect to 
dependent claims 2-7, 9-12, and 14-15, "these dependent claims is allowable for the 
same reasons that its base claim is allowable". The Office disagrees; the independent
claim is not allowable, therefore these claims are not allowable.

In response to applicant's argument beginning on page 23, with respect to claim 
18 "This distinction between high- and low-level credentials is discussed through-out the 
Application ... Applicant submits the Olden does not do this. Instead, with Olden 
authorization to access a first set of functionality based upon low-level credential 
(username/password pair) ... Olden ONLY handles low-level credentials". The Office
disagrees with the argument as stated previously. A. The term high- or low-level
credentials can have the same meaning as a current password versus an old password,
or a user passing successful authentication. In addition, as stated previously, while the
claims are interpreted in light of the specification, limitations from the specification are
not placed into the claims. If the applicant wants to distinguish high-level credentials as
X.509, this should be included in the independent claim.

In response to applicants' arguments beginning on page 27, with respect to
independent claims 23 and 24, "While the Office's assertion (that this claim incorporates
substantially similar subject matter as claim 1) may or may not be true, Applicant
asserts that this independent claim is patentably different than claim 1; and therefore, it
deserves to be examined on its own". The Office does not agree; these claims are
substantially similar. If the applicant's argument is that they are patentably different,
please indicate how the claims are different.

In response to applicants' arguments beginning on page 27, with respect to 
dependent claims 19-22 and 25-28, "these dependent claims is allowable for the same 
reasons that its base claim is allowable". The Office disagrees; the independent claim is
not allowable, therefore these claims are not allowable.

In response to applicant's argument beginning on page 29, with respect to claim 
29, the applicant proposes the same arguments that were previously presented 
concerning "High-Level Credential" and "Marshalling". The Office disagrees with these 
arguments as previously indicated. The Office disagrees with the argument; although the
term "High-Level Credential" is used, this can have the same meaning as "password" or
user name. Likewise, as the reference indicates, smart rules can be used to set further
limits on the distribution of credentials. It is noted that the features upon which applicant
relies (i.e., X.509) are not recited in the rejected claim(s), until claim 3, which is not
incorporated in the independent claim or the other dependent claims. The Office
disagrees; the term "marshaling" has the same meaning as passing or transferring.

In response to applicants' arguments beginning on page 32, with respect to 
dependent claims 30 and 31, "these dependent claims is allowable for the same 
reasons that its base claim is allowable". The Office disagrees; the independent claim is
not allowable, therefore these claims are not allowable.

In response to applicant's arguments beginning on page 33, with respect to claim 
32, "In particular, the Office has not identified, nor can Applicant find, where Olden 
discloses "receiving a CredUI-promptfor-credentials call having a set of parameters 
comprising a TargetName, Context, AuthFlags and Flags". The Office disagrees; the
reference shows many examples of these steps, for example see col. 9, lines 27-51:

"During a request" has the same meaning as "CredUI-promptfor-credentials"

"different application functions 84 to which the customer has access rights, and
returns the correct interface which support the function set" has the same meaning as
"set of parameters"

as well as see col. 17, line 65 through col. 18, line 59 "Smart rules are filters that
govern user access to applications. When a smart rule is defined for an application in
order to determine authorization, the security and access management system 10
examines a property for a specific user, and grants or denies access to an application
resource based on the value found" has the same meaning as "TargetName, Context,
AuthFlags, and Flags"

In response to applicant's argument on page 34, with respect to claim 32, 
"Furthermore, Applicant submits that Olden does not disclose the all of the steps of this 
method (parsing a call; obtaining a credential; associating; and persisting) generally or 
specifically". The Office disagrees; this is shown throughout the reference, see col. 17,
line 65 through col. 18, line 59 above. Note database processing performs the tasks
Applicant is claiming, i.e. parsing, obtaining, associating, persisting, etc.

In response to applicant's argument on page 34, with respect to dependent claim 
33, "this dependent claims is allowable for the same reasons that its base claim is 
allowable". The Office disagrees; the independent claim is not allowable, therefore these
claims are not allowable.

In response to applicant's argument on page 35, with respect to claim 34 "In 
particular, the Office has not identified, nor can Applicant find, where Olden discloses 
"receiving a CredUI-promptfor-credentials call having a set of parameters comprising a 
TargetName, Context, AuthFlags and Flags". The Office disagrees; the reference shows
many examples of these steps, for example see col. 9, lines 27-51:

"During a request" has the same meaning as "CredUI-promptfor-credentials"

"different application functions 84 to which the customer has access rights, and
returns the correct interface which support the function set" has the same meaning as
"set of parameters"

see col. 17, line 65 through col. 18, line 59 "Smart rules are filters that govern
user access to applications. When a smart rule is defined for an application in order to
determine authorization, the security and access management system 10 examines a
property for a specific user, and grants or denies access to an application resource
based on the value found" has the same meaning as "TargetName, Context, AuthFlags,
and Flags"

In response to applicant's argument on page 36, with respect to dependent claim 
35, "this dependent claims is allowable for the same reasons that its base claim is 
allowable". The Office disagrees; the independent claim is not allowable, therefore these
claims are not allowable.

In response to applicants' argument on page 37, with respect to claims 3, 9, and
25, "These claims ultimately depend upon independent claims 1, 8, and/or 24. As
discussed above, these claims are allowable". The Office disagrees; the independent
claims are not allowable; nor are the dependent claims.

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language 
6. Claims 1-2, 4-8, 10-24, and 26-35 are rejected under 35 U.S.C. 102(e) as being
anticipated by Olden U.S. Patent No. 6,460,141 (hereinafter '141). 

As to independent claim 1, "A method for accommodating a legacy 
application, the method comprising: obtaining a request for a high-level 
credential from a legacy application; marshalling the requested credential; 
returning the marshaled credential to the application" is taught in '141 col. 25, 
lines 29-39. 

As to dependent claim 2, "further comprising, after the obtaining, seeking 
the requested credential in a database of credentials" is shown in '141 col. 25, 
lines 29-35. 

As to dependent claim 4 "wherein the marshaled credentials appear to be a 
conventional username/password pair to the legacy application" is disclosed in 
'141 col. 25, lines 29-35.

As to dependent claim 5, "wherein marshalling comprises: obtaining the 
requested high-level credential; pickling the requested high-level credential to 
generate a low-level credential that represents the requested high-level credential 
while appearing to be a conventional username/password pair to the legacy 
application" is taught in '141 col. 25, lines 29-39. 

As to dependent claim 6, "A method as recited in claim 1, wherein the 
legacy application never has access to the high-level credential" is shown in '141 
col. 24, lines 25-50. 
As to dependent claim 7, this claim is directed to a computer-readable medium
of the method of claim 1 and is rejected along the same rationale.

As to independent claim 8, this claim incorporates substantially similar subject matter
as claim 1 and is rejected along the same rationale.

As to dependent claims 10 and 11 these claims incorporate substantially 
similar subject matter as claims 4 and 6; therefore they are rejected along the same 
rationale. 

As to dependent claim 12, this claim is directed to a computer-readable 
medium of the method of claim 8 and is rejected along the same rationale. 

As to independent claim 13, this claim incorporates substantially similar subject 
matter as claim 1 and is rejected along the same rationale. 

As to dependent claim 14, "further comprising repeating the obtaining, 
locating, and returning for a different network that is authenticated using a 
different credential" is taught in '141 col. 23, line 55-67 and col. 25 lines 5-20. 

As to dependent claim 15, this claim is directed to a computer-readable 
medium of the method of claim 12 and is rejected along the same rationale. 

As to independent claim 18, "A credential management architecture, 
comprising: a trusted computing base (TCB) that has full access to persisted
credentials, the TCB being configured to interact with an untrusted computing
layer (UTCL) that accesses the persisted credentials via the TCB; the TCB 
comprises: a credential management module configured to receive requests from 



Application/Control Number: 09/757,058 Page 11

Art Unit: 2134 

the UTCL for a high level credential for a resource" is taught in '141 col. 3, lines 39- 
61; 

"the high level credential being associated with a user; a credential 
database associated with the user, wherein credentials are persisted within the 
database; the credential management module being configured to retrieve 
credentials from the database" is shown in '141 col. 4, lines 27-34. 

As to dependent claim 19, "architecture as recited claim wherein credential 
management module is further configured to marshal a requested high-level 
credential and return the marshaled credential to the UTCL" is disclosed in '141 col. 
4, lines 35-45. 

As to dependent claim 20, "An architecture as recited in claim 18, wherein
the marshaled credentials appear to be a conventional username/password pair
to the UTCL" is taught in '141 col. 7, lines 26-41.

As to dependent claim 21, this claim is directed to a computer-readable 
medium of the method of claim 18 and is rejected along the same rationale. 

As to dependent claim 22, this claim is directed to an operating system on a 
computer-readable medium of the method of claim 18 and is rejected along the same 
rationale. 

As to independent claim 23, this claim is directed to an apparatus of the 
method of claim 1 and is rejected along the same rationale. 

As to independent claim 24, this claim is directed to the system of the method 
of claim 8 and is rejected along the same rationale. 
As to dependent claims 26, 27, and 28, these claims incorporate substantially
similar subject matter as claims 4, 5, and 6; they are rejected along the same rationale. 

As to independent claim 29, "A system for authenticating a user to a 
network, the system comprising: a request obtainer configured to obtain a 
request for a high level credential to authenticate the user to access a resource 
within the network" is taught in '141 col. 3, lines 39-61;

"wherein the resource requires an appropriate credential before the user 
may access the resource; a credential retriever configured to retrieve the 
appropriate high-level credential from a database of credentials; a credential 
marshaller configured to generate a representation of the high-level credential 
that is formatted as a low-level credential so that it appears to be a conventional 
username/password pair; a credential returner configured to return the marshaled 
credential to the resource within the network, so that the resource allows the user 
to access such resource" is shown in '141 col. 4, lines 27-34; 

"wherein the obtainer, retriever, marshaller and returner are further 
configured to operate without user interaction" is disclosed in '141 col. 25, lines 39- 
41. 

As to dependent claim 30, this claim is directed toward an operating system 
comprising a system as recited in claim 29 and is rejected along the same rationale. 

As to dependent claim 31, A network environment comprising a system as 
recited in claim 29. 
As to independent claim 32, "An application programming interface (API)
method comprising" is taught in '141 col. 3, lines 39-61; 

"receiving a CredUI-promptfor-credentials call having a set of parameters 
comprising a TargetName, Context, AuthFlags, and Flags; parsing the call to 
retrieve the parameters to determine a specified resource; obtaining a credential; 
associating the credential with the specified resource; persisting the credential 
into a database while maintaining the credential's association with the specified 
resource" is shown in '141 col. 9, line 27 through col. 10, line 36.

As to dependent claim 33, "wherein the set of parameters further comprises an
indicator of a data structure containing customized information to display in
conjunction with a user interface" is disclosed in '141 col. 10, 32-39.

As to independent claim 34, "An application programming interface (API)
method comprising: receiving a CredUI-promptfor-credentials call having a set 
of parameters comprising a TargetName, UserName, Password, and Flags; 
parsing the call to retrieve the parameters to determine a requesting application" 
is taught in '141 col. 9, lines 27-45; 

"obtaining a low-level credential from a user, wherein such credential includes a 
username and a password; returning the low-level credential to the requesting 
application" is shown in '141 col. 7, lines 26-41. 

As to dependent claim 35, "wherein the set of parameters further 
comprises an indicator of a data structure containing customized information to 
display in conjunction with a user interface" is disclosed in '141 col. 10, lines 17-39.
Claim Rejections - 35 USC § 103

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. Claims 3, 9, and 25, are rejected under 35 U.S.C. 103(a) as being unpatentable 
over '141 as applied to claims 1, 8, 24, in further view of McNabb et al. U.S. Patent No.
6,289,462, (hereinafter '462). 

As to independent claim 3, the following is not taught in '141 "wherein a high-
level credential is a credential selected from a group composed of X.509 
Certificates and bio-metrics" however '462 teaches "The authentication module 9 of 
the trusted server system can be configured to request a user to provide a user ID and 
a site-definable authentication response (such as a password, a biometric device, a 
smart card, or an access token check)" in col. 15, lines 54-57. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify a security and access management method that accommodates 
legacy applications taught in '141 to include an authentication means that utilizes 
certificates and biometrics. One of ordinary skill in the art would have been motivated to 
perform such a modification because one of the most respected evaluation integrity
tools is certificates; see '462 (col. 4, lines 6-33) "Trusted operating systems undergo
evaluation of their overall design, verification of the integrity and reliability of their source 
code, and systematic, .... ITSEC certification, performed by an independent body
provides ... What is desired therefore is system where these components are fully
integrated to provide a secure platform for network services, where users can install the 
system and immediately begin taking advantage its security features". 

As to dependent claims 9 and 25, these claims incorporate substantially similar 
subject matter as claim 3 and they are rejected along the same rationale. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final
action is set to expire THREE MONTHS from the mailing date of this action. In the 
event a first reply is filed within TWO MONTHS of the mailing date of this final action 
and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date 
the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will the 
statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 
9. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Ellen C Tran whose telephone number is 
(571) 272-3842. The examiner can normally be reached from 6:30 am to 3:30 pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Gregory A Morse can be reached on (571) 272-3838. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 
Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 